August 2004 - Posts
Back in March I posted about PortReporter, a tool written by Tim Rains of the PSS Security team:
http://msmvps.com/secure/archive/2004/03/18/4017.aspx
I've been meaning to post an update since the end of July and am finially just getting around to it. In late July, Tim released PR-Parser (PortReporter Parser), a GUI based tool for analyzing the PortReporter generated log files. The following KB article goes in to a lot of detail on the reporter tool:
http://support.microsoft.com/default.aspx?scid=kb;en-us;837243&Product=win2000
And contains the download link for the port reporter parser which is here:
http://download.microsoft.com/download/2/8/8/28810043-0e21-4004-89a3-2f477a74186f/PRParser.exe
Many have found this tool to be extremely useful in sorting log files for suspicous activity. Feedback welcomed!
Not yet but that would be cool. In the mean time, you can use the Office Update Inventory tool:
http://www.microsoft.com/downloads/details.aspx?familyid=1687c33e-d2c8-4766-937f-6e97e3e0f299
The Office Update Inventory Tool version 2.1 enables administrators to check one or more computers in their organization (from a central location) for the status of Microsoft Office 2000, Office XP, and Office 2003 updates.
http://www.microsoft.com/downloads/details.aspx?familyid=9faba6ed-2e9c-44f9-bc50-d43d57e17078
This guide explains how to implement the security measures recommended in the Microsoft Windows XP Security Guide in a small or medium business environment without an Active Directory directory service deployment. These recommendations help ensure that your desktop and laptop systems running Windows XP Professional Service Pack 2 (SP2) are more secure from the majority of current security threats.
Ok, not my “mom“ really ;-)
http://www.microsoft.com/downloads/details.aspx?familyid=812b3089-18fe-42ff-bc1e-d181ccfe5dcf
This document provides detailed information about the security-related features in MOM 2005 including changes from MOM 2000 SP1, securing new installations and upgrade to MOM, securing agent deployment, using additional security such as IPSec, and best practices.
Overview
The Windows Firewall feature of Microsoft® Windows® XP Service Pack 2 (SP2), a replacement for the Internet Connection Firewall (ICF) in previous versions of Windows XP, is a stateful host firewall that provides protection for computers against incoming traffic from the Internet or from neighboring network devices on a private network. This article describes how Windows Firewall works, the common problems with using Windows Firewall, and the set of tools used to troubleshoot Windows Firewall issues. This article is intended for network administrators and advanced users who are familiar with Windows XP and Transmission Control Protocol/Internet Protocol (TCP/IP).
http://www.microsoft.com/downloads/details.aspx?familyid=a7628646-131d-4617-bf68-f0532d8db131&displaylang=en
Stephen is a program manager on the Microsoft Security Response Center team. Watch his video interview on Channel 9 to get a first hand look at how the MSRC works:
http://channel9.msdn.com/ShowPost.aspx?PostID=19449
We are planning on releasing version 1.2.1 of the Microsoft Baseline Security Analyzer with support for Windows XP Service Pack 2 on August 16th.
Keep on eye on www.microsoft.com/mbsa for more information.
August 10, 2004
Today Microsoft released the following Security Bulletins.
Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.
Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.
Bulletin Summaries:
August Summary
http://www.microsoft.com/technet/security/Bulletin/ms04-aug.mspx
Moderate Bulletins:
MS04-026 - Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting and Spoofing Attacks (842463)
http://www.microsoft.com/technet/security/Bulletin/MS04-026.mspx
This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.
If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.
On Friday August 6th, we released Windows XP Service Pack 2 to manufacturing.
On-line distribution will be the primary distribution vehicle for Windows XP Service Pack 2 and below is a summary of the key milestones of the distribution plan:
8/6 Release to manufacturing
8/9 Release to Microsoft Download Center (network installation package)
8/9 Release to MSDN subscription site (CD ISO image)
8/10 Release to Automatic Updates (for machines running pre-release versions of Windows XP Service Pack 2 only)
8/16 Release to Automatic Updates (for machines NOT running pre-releases versions of Windows XP Service Pack 2)
8/16 Release to Software Update Services
Later in August Release to Windows Update for interactive user installations
Because of the significant security improvements outlined above, Microsoft views Windows XP Service Pack 2 as an essential security update and is therefore distributing it as a “critical update” via Windows Update (WU) and the Automatic Updates (AU) delivery mechanism in Windows. Microsoft is strongly urging customers with Windows XP and Windows XP Service Pack 1-based systems to upgrade to Windows XP Service Pack 2 as soon as possible.
XP SP2 Resources:
TechNet: http://www.microsoft.com/technet/winxpsp2
Consumer: http://www.microsoft.com/protect
Support Center: http://support.microsoft.com/default.aspx?scid=fh;EN-US;windowsxpsp2